Your Linux-based home router could succumb to a new Telnet worm, Remaiten

The worm takes advantage of exposed Telnet services with weak passwords to infect routers and other embedded devices

Building botnets made up of routers, modems, wireless access points and other networking devices doesn't require sophisticated exploits. Remaiten, a new worm that infects embedded systems, spreads by taking advantage of weak Telnet passwords.

Remaiten is the latest incarnation of distributed denial-of-service Linux bots designed for embedded architectures. Its authors actually call it KTN-Remastered, where KTN most likely stands for a known Linux bot called Kaiten.

When scanning for new victims, Remaiten tries to connect to random IP addresses on port 23 (Telnet) and if the connection is successful, it attempts to authenticate using username and password combinations from a list of commonly used credentials, researchers from ESET said in a blog post.

If the authentication succeeds, the bot executes several commands to determine the system's architecture. It then transfers a small downloader program compiled for that architecture that proceeds to download the full bot from a command-and-control server.

The malware has versions for mips, mipsel, armeabi and armebeabi. Once installed it connects to an IRC (Internet Relay Chat) channel and waits for commands from attackers.

The bot supports a variety of commands for launching different types of denial-of-service attacks. It can also scan for competing DDoS bots on the same system and uninstall them.

It's surprising that many networking devices still use Telnet for remote management instead of the more secure SSH protocol. It's also unfortunate that many devices ship with the Telnet service open by default.

Device owners should use one of the many free online port scanning tools to check whether their router has port 23 open, and should try to shut down the Telnet service from the device's Web-based administration interface. Unfortunately, many gateway devices provided by ISPs to their customers don't give users full access to the management features.
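The port 23 check described above can also be run against your own router from a machine you control. The script below is an added example, not code from the article or from ESET; the function name `probe_telnet` and the command-line usage are assumptions made for illustration.

```python
import socket
import sys

TELNET_PORT = 23   # the port the article says Remaiten connects to
IAC = 0xFF         # Telnet "Interpret As Command" byte (RFC 854)


def probe_telnet(host, port=TELNET_PORT, timeout=3.0):
    """Check one TCP port on a device you administer.

    state is 'open', 'closed' (connection refused) or 'filtered'
    (timeout or unreachable). telnet_negotiation is True when the
    service opens the session with a Telnet IAC option sequence,
    which separates a real Telnet daemon from another service
    that happens to listen on the same port.
    """
    result = {"host": host, "port": port,
              "state": "filtered", "telnet_negotiation": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["state"] = "open"
            try:
                first = sock.recv(64)   # read the greeting only, send nothing
            except OSError:             # silent service, timeout or reset
                first = b""
            result["telnet_negotiation"] = first[:1] == bytes([IAC])
    except ConnectionRefusedError:
        result["state"] = "closed"      # nothing is listening on the port
    except OSError:
        pass                            # timed out or unreachable: 'filtered'
    return result


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe_telnet.py <address-of-your-router>")
    r = probe_telnet(sys.argv[1])
    print(f"{r['host']}:{r['port']} is {r['state']}")
    if r["telnet_negotiation"]:
        print("Telnet service answered: disable it in the admin interface")
```

The result reflects only the side of the device you test from: a check from inside the LAN does not show whether port 23 is reachable from the internet, which is what the online scanners report.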
